Ransomware victim disclosure
← All victimsGAP, INC.
Claimed by Hunters International · listed 9 months ago
Status timeline
- ListedOct 3, 2025
- Data leakeddate unknown
At a glance
- Status
- Data leaked
- Country
- United States
- Sector
- Consumer Services
- Listed on leak site
- Oct 3, 2025
About the victim
AI dossier — public-source company profileGap, Inc. is an American multinational clothing and accessories retailer headquartered in San Francisco, California, founded in 1969 by Donald Fisher and Doris F. Fisher. The company operates several well-known brands including Gap, Banana Republic, Old Navy, Athleta, and Intermix. It is one of the largest apparel retailers in the world with thousands of stores globally.
- Industry
- Apparel & Accessories Retail
- Address
- 2 Folsom Street, San Francisco, California 94105, United States
- Employees
- 10000+
- Founded
- 1969
Attack summary
Severity: high — The disclosure status is 'data_published', indicating confirmed data exfiltration from a major multinational retailer that likely holds large volumes of customer PII, employee records, and financial data, even though specific data types are not enumerated in the post.Hunters International claims to have attacked Gap, Inc. and has published data as part of a disclosed leak. The specific nature of exfiltrated data or encryption activity is not detailed in the post.
Original description
AI-summarised, not from the leak postGAP, INC. is an American multinational clothing and accessories retailer. The company was founded in San Francisco, California by Donald Fisher and Doris F. Fisher in 1969. The company operates several well-known brands apart from Gap itself, including Banana Republic, Old Navy, Intermix, Hill City and Athleta. Known for its casual style, Gap is one of the largest apparel retailers in the world.
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

